Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1290 — Cross-Site Request Forgery in IBM Advanced Management Module

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 26.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Advanced Management Module

Timeline

PublishedApr 13

Latest updateMay 2

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/advanced_management_module1.36h

🔴Vulnerability Details

GHSA

GHSA-j8cp-q9f7-wqch: Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM Blad↗2022-05-02

▶

CVEList

CVE-2009-1290: Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM Blad↗2009-04-13

▶

💥Exploits & PoCs

Exploit-DB

IBM Bladecenter Advanced Management Module 1.42 - Cross-Site Request Forgery↗2009-04-09

▶